University Research Funding Raises Risks and Rewards

Tommy Peterson is a freelance journalist who specializes in business and technology and is a frequent contributor to the CDW family of technology magazines.

Since Jan. 1, higher education institutions that engage in certain types of federal government research have been required to meet new standards governing data security. The mandates, outlined in the National Institute of Standards and Technology Special Publication 800-171, are designed to protect controlled unclassified information, such as research data, student records, patient information and more.

“Each research project, and there are many going on in the university at once, comes with its own set of regulatory requirements,” he says. “There’s a lot of overlap, but you have to pay attention to each requirement, know which controls apply, and then audit the controls.”

Colleges Manage Security Risks to Preserve Research Funding

For many universities, there's a lot at stake. Billions of dollars in research funding go to institutions each year, and related projects can be a major component of faculty careers. That's not to mention, of course, the discoveries and developments that researchers contribute to the fields of medicine, business, social sciences and other areas.

All of these factors, in addition to formal compliance mandates, push institutions to ensure that research data is secure.

“It’s easy to fall into the trap of simply equating compliance with regulations to good information security, but managing cyber-risk is more than that,” says Northwestern CISO Tom Murphy. “You have to translate compliance, or lack thereof, into risk for the institution and always keep that in mind. Failure means potential loss of reputation, potential loss of research grants or loss of data that requires the research to be redone.”